Legal claims defining the scope of protection, as filed with the USPTO.
1. One or more tangible device-readable memory with device-executable instructions for performing acts comprising: analyzing a program at compile-time to compute a set of objects associated with each instruction in the program, the set of objects associated with the instruction comprising objects that can be written by the instruction; assigning a first color to instructions and associated objects that are identified as safe; assigning a second color to an instruction and associated objects that are identified as unsafe; for each instruction identified as unsafe, defining a color set associated with the unsafe instruction as a union of the unsafe instruction's associated set of objects and the object pointed to by a pointer associated with the unsafe instruction; determining if two color sets intersect; if two color sets intersect, creating a new color set by merging the two intersecting color sets; repeating the determining and creating steps until each color set is disjoint; and assigning a different color to each disjoint color set.
2. One or more tangible device-readable media memory according to claim 1, further comprising generating code to raise an exception, if at runtime, the instruction attempts to write to a memory location with a color which is not the instruction's assigned color.
3. One or more tangible device-readable memory according to claim 1, further comprising generating code to generate and maintain a color table, wherein the color table comprises one color byte for a portion of memory, wherein the portion of memory is larger than one byte.
4. One or more tangible device-readable memory according to claim 3, wherein generating code to generate and maintain the color table comprises generating code to generate the color table with all entries set to the first color.
5. One or more tangible device-readable memory according to claim 3, wherein generating code to generate and maintain the color table comprises: generating code to update values in the color table on allocation of objects; and generating code to reset said values to the first color on deallocation of objects.
6. One or more tangible device-readable memory according to claim 1, wherein assigning the first color to the instructions and associated objects that are identified as safe and assigning the second color to the instruction and associated objects that are identified as unsafe comprises: inserting guard objects between objects which are not safe; and assigning a different color to the guard objects.
7. One or more tangible device-readable memory according to claim 1, wherein assigning the first color to the instructions and associated objects that are identified as safe and assigning the second color to the instruction and associated objects that are identified as unsafe comprises: arranging objects in memory such that adjacent objects have a different color.
8. One or more tangible device-readable memory according to claim 1, wherein assigning the first color to instructions and associated objects that are identified as safe and assigning the second color to the instruction and associated objects that are identified as unsafe comprises: assigning a particular color to any objects allocated by a library.
9. One or more tangible device-readable memory according to claim 2, wherein generating code to raise an exception if, at runtime, the instruction attempts to write to a memory location with a color which is not the instruction's assigned color further comprises: generating code to call wrappers of heap allocation functions, the wrappers receiving a color of an object being allocated; and setting entries in a color table for the allocated object to said color.
10. One or more tangible device-readable memory according to claim 1, further comprising device-executable instructions for performing acts comprising: computing a set of intended target program locations associated with one or more indirect control-flow transfer instructions in the program; and generating code to raise an exception, if at runtime, the one or more indirect control-flow transfer instructions attempts to transfer control to a location outside of its associated set of intended target program locations.
11. One or more tangible device-readable memory according to claim 10, further comprising device-executable instructions for performing acts comprising: assigning a color to the one or more indirect control-flow transfer instructions and to each of the associated set of intended target program locations, and wherein generating code to raise the exception if, at runtime, the indirect control-flow transfer instruction attempts to transfer control to a location outside of its associated set of intended target program location comprises: generating code to generate and maintain a color table; and generating code to raise an exception, if at runtime, the indirect control-flow transfer instruction attempts to transfer control to a location with a color which is not the indirect control-flow transfer instruction's assigned color.
12. One or more tangible device-readable memory according to claim 10, wherein computing the set of intended target program locations associated with the one or more indirect control-flow transfer instructions in the program comprises: computing a set of functions associated with each indirect call in the program, the set of functions associated with an indirect call comprising functions that can be called by the indirect call; and wherein generating code to raise the exception, if at runtime, the indirect control-flow transfer instruction attempts to transfer control to the location outside of its associated set of intended target program locations comprises: generating code to raise an exception, if at runtime, the indirect call attempts to call a function outside of its associated set of functions.
13. One or more tangible device-readable memory with device-executable instructions for performing acts comprising: initializing a color table, wherein the initializing comprises: assigning a first color to instructions and associated objects that are identified as safe; assigning a second color to instructions and associated object that are identified as unsafe; for each instruction identified as unsafe, defining a color set associated with the unsafe instruction as a union of the unsafe instruction's associated set of objects and the object pointed to by a pointer associated with the unsafe instruction; determining if two color sets intersect; if two color sets intersect, creating a new color set by merging the two intersecting color sets; repeating the determining and creating steps until each color set is disjoint; and assigning a different color to each disjoint color set; checking the color table on a write instruction to a memory location; if a color associated with the write instruction is not the same as a color of the memory location, raising an exception; checking the color table on an indirect control-flow transfer instruction which transfers control to a target location; and if a color associated with the indirect control-flow transfer instruction is not the same as a color of the target location, raising the exception.
14. One or more tangible device-readable memory according to claim 13, further comprising device-executable instructions for performing acts comprising: updating the color table on allocation and deallocation of objects.
15. One or more tangible device-readable memory according to claim 14, wherein updating the color table on allocation and deallocation of objects comprises: on function entry, updating color table entries for unsafe local variables; and on function exit, resetting color table entries for said unsafe local variables to a default value.
16. A method comprising: computing a set of objects associated with each instruction in a program, each set of objects comprising the objects in the program that can be written by the associated instruction; determining if an instruction is safe or unsafe; if an instruction is safe, assigning a color to the instruction; and if the instruction is unsafe, assigning a different color to the instruction; for each unsafe instruction, defining a color set associated with the unsafe instruction as a union of the instruction's associated set of objects and the object pointed to by a pointer associated with the instruction; determining if two color sets intersect; if two color sets intersect, creating a new color set by merging the two intersecting color sets; repeating the determining and creating steps until each color set is disjoint; assigning a different color to each disjoint color set; and adding instructions to the program at compile-time to generate and maintain a color table and to check the color table before an unsafe write.
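The color-set merging recited in claims 1, 13 and 16, together with the color-table write check of claims 2 to 5, sketched as an added example (not code from the patent or its authors). It assumes the compile-time analysis has already produced each unsafe instruction's color set; the names `assign_colors`, `ColorTable`, `WRITES` and the 8-byte slot size are hypothetical.

```python
SAFE, SLOT = 0, 8   # first color; bytes covered by one color byte (slot size assumed)

def assign_colors(write_sets):
    """write_sets maps each unsafe instruction to the objects it may write.
    Returns (instruction -> color, object -> color) with disjoint color sets."""
    groups = [({i}, set(objs)) for i, objs in write_sets.items()]
    merged = True
    while merged:                                  # repeat until every set is disjoint
        merged = False
        for a in range(len(groups)):
            for b in range(a + 1, len(groups)):
                if groups[a][1] & groups[b][1]:    # two color sets intersect
                    instrs, objs = groups.pop(b)
                    groups[a] = (groups[a][0] | instrs, groups[a][1] | objs)
                    merged = True
                    break
            if merged:
                break
    instr_color, obj_color = {}, {}
    for color, (instrs, objs) in enumerate(groups, start=1):   # one color per set
        instr_color.update(dict.fromkeys(instrs, color))
        obj_color.update(dict.fromkeys(objs, color))
    return instr_color, obj_color

class ColorTable:
    def __init__(self, mem_size):
        self.table = bytearray(mem_size // SLOT)   # every entry starts as SAFE

    def _slots(self, addr, size):
        return range(addr // SLOT, (addr + size - 1) // SLOT + 1)

    def allocate(self, addr, size, color):         # set colors on allocation
        for s in self._slots(addr, size):
            self.table[s] = color

    def free(self, addr, size):                    # reset to SAFE on deallocation
        self.allocate(addr, size, SAFE)

    def check_write(self, addr, size, instr_color):
        """Raise if any written slot has a color other than the instruction's."""
        for s in self._slots(addr, size):
            if self.table[s] != instr_color:
                raise MemoryError(f"color {instr_color} write hit slot {s}")

# Constructed program: i1..i3 share objects transitively, i4 is independent.
WRITES = {"i1": {"buf"}, "i2": {"buf", "idx"}, "i3": {"idx", "tmp"}, "i4": {"name"}}

if __name__ == "__main__":
    print(assign_colors(WRITES))
```

With `buf` and `name` placed in adjacent slots, a write by `i1` that runs past the end of `buf` reaches a slot of a different color and fails the check, while a write that stays inside `buf` passes.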
April 30, 2013